Polymorphic Hybrid CMOS-MTJ Logic Gates for Hardware Security Applications

Abstract

Various hardware security concerns, such as hardware Trojans and IP piracy, have sparked studies in the security field employing alternatives to CMOS chips. Spintronic devices are among the most-promising alternatives to CMOS devices for applications that need low power consumption, non-volatility, and ease of integration with silicon substrates. This article looked at how hardware can be made more secure by utilizing the special features of spintronics devices. Spintronic-based devices can be used to build polymorphic gates (PGs), which conceal the functionality of the circuits during fabrication. Since spintronic devices such as magnetic tunnel junctions (MTJs) offer non-volatile properties, the state of these devices can be written only once after fabrication for correct functionality. Symmetric circuits using two-terminal MTJs and three-terminal MTJs were designed, analyzed, and compared in this article. The simulation results demonstrated how a single control signal can alter the functionality of the circuit, and the adversary would find it challenging to reverse-engineer the design due to the similarity of the logic blocks’ internal structures. The use of spintronic PGs in IC watermarking and fingerprinting was also explored in this article. The TSMC 65nm MOS technology was used in the Cadence Spectre simulator for all simulations in this work. For the comparison between the structures based on different MTJs, the physical dimension of the MTJs were kept precisely the same.

1. Introduction

The remarkable rise of embedded systems in recent years has led to the globalization of custom integrated circuit (IC) design. With the development of semiconductor technology scaling to very deep submicron levels, the cost of manufacturing these devices has significantly grown. Therefore, only some semiconductor organizations can handle the entire supply chain, from design to packaging. Most of the remaining companies have given up on the fabrication process and depend on unreliable foundries to produce their ICs [1]. Although using a third party’s fabrication facilities can lower costs and shorten time to market, it also raises significant hardware security issues [2]. An untrustworthy and unreliable foundry opens the door to threats such as IP theft, reverse-engineering, counterfeiting, hardware Trojan insertion, overproduction of integrated circuits, and IC cloning [3,4,5,6,7]. Developments have considerably improved the concept of hardware security in various developing technologies, including memristors, nanowire FETs (NWFETs), carbon nanotubes (CNTs), graphene nanocarbon (GNR), and spintronic devices [8,9,10,11,12,13]. Nanodevices’ numerous inductive and capacitive effects are also thoroughly investigated for the on-chip interconnects [14,15,16,17,18]. Numerous spintronics phenomena have been studied, including all-spin logic, spin–torque clocking, voltage-controlled magnetic anisotropy, current-induced spin accumulation, and usage in a range of applications, including logic circuits, memories, flexible electronics, terahertz emitters, and quantum computer circuits [19,20,21]. These devices have a variety of characteristics, including non-volatility, low power consumption, high durability, and high circuit integration density, which are advantageous for hardware security and in-memory computing. Researchers have investigated the usage of spintronic devices for hardware security primitives such as hardware Trojans, physically unclonable functions (PUFs), true random number generators (TRNGs), and logic locking [22,23,24,25,26,27]. A. Stoica first proposed a unique reconfigurable method based on PGs in 2001 [28]. Polymorphic gates/circuits can perform function transformation in response to control factors such as temperature, supply voltage, and external inputs because multiple functionalities are integrated into a single structure. Spintronics-based polymorphic and reconfigurable logic is also emerging as a potential method to increase the hardware’s security [29,30,31,32,33,34,35].

This work proposes the use of logic-in-memory architecture-based spintronic PGs for hardware security primitives, such as preventing manufacturing-time tampering, watermarking, and fingerprinting in integrated circuits. The rest of the paper is organized as follows. Section 2 discusses the background of magnetic tunnel junctions and the logic-in-memory architecture. Section 3 demonstrates the operation of PGs and their use in hardware security applications. The experimental results and challenges are discussed in Section 4. The paper is finally concluded in Section 5.

2. Background

2.1. Magnetic Tunnel Junction: Construction and Switching

A magnetic tunnel junction is a multilayer nano-stack structure of two ferromagnetic (FM) layers and an oxide layer. One of the FM layers in the MTJ stack has a fixed magnetic orientation and is referred to as a fixed/reference/pinned layer. The other layer is known as a free layer, and its magnetic orientation can be either similar to or opposite that of the pinned layer. Multiple MTJ devices with two and three terminals have been explored that utilize various mechanisms such as spin-transfer torque (STT), spin–orbit torque (SOT), and voltage-controlled magnetic anisotropy (VCMA) for switching. Perpendicular magnetic tunnel junctions (p-MTJs) are preferred over in-plane magnetic tunnel junctions (i-MTJs) due to their longer retention durations, lower power dissipation, improved thermal stability, ease of scaling, and several other advantages. The structure of a two-terminal p-MTJ using the spin-transfer torque effect for switching [36] is shown in Figure 1a. In this phenomenon, a charge current is passed through the MTJ stack, which becomes spin-polarized while crossing through the FM layers and results in the switching of the magnetic orientation of the free layer. When both FM layers have the same magnetic orientation, this state is parallel (P), and the MTJ offers a lower resistance, whereas it offers higher resistance when the magnetic orientations of the two FM layers are opposite, a condition known as an antiparallel state (AP). Resistance in parallel and antiparallel states is indicated by the symbols $R_P$ and $R_{AP}$. In a three-terminal MTJ, the stack of MTJs is fabricated on a heavy metal layer [37], as shown in Figure 1b. A charge current is used to alter the MTJ’s state by passing it via the heavy metal layer, which exerts a torque on the free layer and aids in switching the state. This heavy metal layer increases the area of the overall device; since lower current is passed through the oxide barrier, the device has more endurance. Tunnel magnetoresistance (TMR), which is computed as follows, describes the relative resistance variation between parallel and antiparallel states:

$$TMR=\frac{R_{AP}-R_P}{R_P}\times 100$$

(1)

In the macrospin approximation, a modified Landau–Lifshitz–Gilbert (LLG) equation governs the magnetization dynamics of the free layer [37], as

$$\begin{array}{c}\hfill \frac{\partial \overrightarrow{m}}{\partial t}=-\gamma {\mathsf{\mu }}_0\overrightarrow{m}\times \overrightarrow{H}{}_{eff}+\alpha \overrightarrow{m}\times \frac{\partial \overrightarrow{m}}{\partial t}-\xi P{J}_{STT}\overrightarrow{m}\times (\overrightarrow{m}\times \overrightarrow{m}{}_r)-\xi \eta J_{SHE}\overrightarrow{m}\times (\overrightarrow{m}\times \overrightarrow{\sigma }{}_{SHE})\end{array}$$

(2)

Here, $\overrightarrow{m}$ and $\overrightarrow{m_r}$ are the unit vector along with the magnetization of the free layer and the reference layer, respectively, $\gamma$ is the gyromagnetic ratio; ${\mathsf{\mu }}_0$ is the vacuum permeability; ${\overrightarrow{H}}_{eff}$ is the effective magnetic field; $\alpha$ is the Gilbert damping coefficient; P is the polarization factor; $J_{STT}$ and $J_{SHE}$ are the STT and SOT current density applied to the MTJ device; ${\overrightarrow{\sigma }}_{SHE}$ is the polarization direction of the spin current injected in the free layer.

2.2. Logic-in-Memory Architecture

The von Neumann architecture has been used for many years in CMOS technology for IC manufacturing. The control unit, memory unit, registers, and inputs/outputs are the components of this architecture that communicate through wires and interconnects [38]. The von Neumann bottleneck—a limited throughput between the central processor unit and memory compared to the amount of memory—is caused by the shared bus between the program memory and data memory. In order to minimize the delay brought on by cables and interconnects, the LIM architecture is an emerging concept. Figure 1c illustrates how non-volatile devices are arranged over a logic circuit plane and positioned close to one another in this layout. This memory integration on top of the logic reduces the overall area occupied and shortens the length of wires and interconnects.

A hybrid CMOS-MTJ approach-based the LIM architecture is shown in Figure 1d. The three components of this LIM architecture are the sense amplifier, the logic structure, and the writing circuit. The output of the circuits, which varies with the input sequence in the NMOS logic structure and the data present in the non-volatile logic, is sensed by the sense amplifier. The precharge sense amplifier (PCSA) [39], offset-compensated high-speed sensing (OCHS) [40], dynamic dual-reference sensing (DDRS) [41], latch offset cancellation sensing (LOC) [42], double switches and transmission gate access transistor sensing (DSTA) [43], and high-sensing margin, high-speed, and stability sensing (HMSS) [44] are amongst the current mode sensing circuits that have been investigated for STT-MRAMs. The data stored in the non-volatile logic are changed using the writing circuit. A bidirectional current is passed through the MTJ stack in the case of STT-MTJs, whereas in the case of SOT-MTJs, a larger write current is passed through the heavy metal layer and a small STT current is passed through the MTJ stack. The writing circuit with four transistors can write one, as well as two MTJs connected in series [36,45].

3. Proposed Work: Spintronics PGs for Hardware Security Applications

3.1. Operation of Spintronics PGs

The ability of PGs based on spintronics to improve hardware security was investigated in this work. In hybrid CMOS-MTJ circuits, the circuit can carry out various operations depending on the resistance of the complementary MTJs. The NMOS logic structures proposed in [46] were utilized in this work; however, the investigation also included the three-terminal SOT MTJs in addition to the two-terminal STT MTJs. For a better comparison, both types of MTJs have exactly matching physical dimensions and several other factors, as listed in

Table 1. MTJ Parameters used for electrical simulations.

Parameter	STT-MTJ Values	SOT-MTJ Values
MTJ Dimension	40 nm × 40 nm	40 nm × 40 nm
MTJ Shape	Circular	Circular
Oxide barrier thickness	0.85 nm	0.85 nm
Free layer thickness	0.7 nm	0.7 nm
Heavy metal dimensions	–	60 nm × 40 nm × 3 nm
Resistance area product	10 $\mathsf{\Omega }$ um${}^2$	10 $\mathsf{\Omega }$ um${}^2$
Tunnel Magnetoresistance	200%	200%
Temperature	300 K	300 K
Technology parameters	default [36]	default [37]

. The hybrid CMOS-MTJ-structure-based circuits utilizing three-terminal MTJs as non-volatile logic are shown in Figure 2. Precharge sense amplifiers were employed in this work to sense the circuit’s outputs. In these circuits, two MTJs are present with free layers magnetized in opposite directions, offering different resistance to the current. A four-transistor-based writing circuit changes the state of the MTJs by sending a control signal (Ctrl). The write enable signal must be turned to high for the Ctrl signal to function.

The circuits in Figure 2 operate in two phases. (1) Precharge phase: During this time, the Clk signal is low, activating the Clk-controlled PMOS transistors and charging both outputs to Vdd. (2) Evaluation phase: This stage begins as soon as the Clk pulse changes from low to high, turning on the tail NMOS transistor and opening a path for current to flow to the ground. One of the outputs is discharged completely, making the other output high, depending on the resistance of the left and right branches. The structure always produces complementary outputs, which may be employed depending on the needs of the circuit. When the Ctrl is low, the circuit in Figure 2a performs the XOR operation at the out terminal, and it changes to XNOR when the Ctrl signal is made high. Similarly, the circuit of Figure 2b performs AND and OR logic operations at the out terminal when the Ctrl signal is 0 or 1, respectively. The resistance offered to the PCSA in the left and right branches of the circuits is shown in a table in Figure 2c. Because both outputs are at Vdd during the precharge phase, the one brought down to zero faster in the evaluation phase causes the other output to return to Vdd due to the inverters in the PCSA. The resistance offered by MTJs in the parallel state is lower than the resistance provided in the antiparallel state. By adjusting the tunneling magnetoresistance of the MTJ, this resistance variation, which varies by a few k$\mathsf{\Omega }$, can be controlled.

3.2. Preventing Manufacturing-Time Tampering

The idea of hiding functionality utilizes the non-volatile property of MTJs. The symmetrical structures of Figure 2 are valuable for hiding a netlist or layout’s functionality after manufacturing. Being unaware of the specific logical block’s functioning prevents an attacker in the foundry from altering the design. The operation or functionality of these gates can be switched simply by manipulating the state of the MTJs with control signals. The MTJ state can be permanently changed once after fabrication for correct functionality. The logic circuit diagram utilizing hybrid CMOS/MTJ-based PGs is shown in Figure 3a. Depending on the Ctrl signal, the logic’s output expression changes. Figure 3b displays the circuit’s output $F=F_1=(\overline{B}.C)$ when the Ctrl signal is “0”, and Figure 3c displays the circuit’s output when the Ctrl signal is “1”, which is $F=F_2=(\overline{B}+C)$. As a result, the adversary is constrained from making malicious changes to the circuit because he/she does not know how the circuit works. A single writing circuit can also write all of the circuit’s logical blocks to enable control over a single Ctrl input. If a designer wants to employ the same type of block as the AND and OR logic operation at Ctrl = 0 or Ctrl = 1, the connections of the writing circuit must be made in accordance with that. In Figure 2b, the circuit functions as an AND logic when Ctrl = 0. The same circuit can function as an OR operation at Ctrl = 0 by connecting the writing circuit and primary circuit in reverse. Therefore, the operation of the entire circuit can be controlled by a single Ctrl input. However, keeping fewer control signals also increases the probability of an adversary discovering the functionality. The adversary can reveal the functionality with a 50% probability for a single control signal, which lowers as the number of control signals grows. For hiding functionality, it is also taken into consideration that distinct logical operations have similar structures and an exactly equal number of transistors. Any logic operation has a circuit with a similar structure, which results in a similar physical layout, which may not be possible with current CMOS technology. The symmetry of the layouts makes it difficult for an adversary to reverse-engineer a layout after fabrication or even at the fabrication level to determine its functionality.

3.3. IC Watermarking

Watermarking is a method that enables the IP designer to hide authorship information inside the design without compromising the design’s functioning [47]. The researchers in [48] reported the use of PGs for IC watermarking techniques. Spintronics-based PGs hold their functionality until the state of the MTJs is changed. Therefore, they can be used in watermarking techniques, as depicted in Figure 4a. In this technique, when the Ctrl signal is set to “0”, the circuit operates appropriately in normal mode, as shown in Figure 4b.

When it is essential to illustrate the watermark, the circuit is switched to the specific mode by setting the Ctrl signal to “1”, as shown in Figure 4c. MTJs offer non-volatile properties; therefore, when used in normal mode, they can retain their state for a longer duration. A PG can replace every cell in the original netlist; however, researchers have developed various algorithms to find a suitable replacement location that ensures that the circuit functions correctly at normal operation after the gates in the location are replaced [48,49]. Additionally, the functionality of the modified circuit in normal and special modes can be differentiated by observing the primary outputs.

3.4. IC Fingerprinting

Circuit fingerprinting is a technique for adding special characteristics to each copy of a circuit so that they can be recognized and traced to stop intellectual property (IP) piracy. Spintronics-based PGs can replace the standard library cells holding the satisfiability don’t care (SDC) conditions. SDC conditions describe the logic combinations that will not occur in the internal nets, given all the combinations that the primary inputs can take [50]. The configurations of the PGs serve as the circuit fingerprint and ensure that the modified circuit operates as intended. In Figure 5a, the input to AND/OR block is always (0,0) and (1,1). The other combinations do not exist at the input of the block; the same can be seen from the table in Figure 5b. Therefore, an AND/OR PG can be used at the location because that will not affect the functionality. Due to the non-volatile characteristics of MTJs, spintronics-based PG can be fabricated with a certain orientation of MTJs and without connections to the writing circuit, allowing for the use of the devices as dummy fingerprints. Since fingerprinting is an infrequent event, after the fingerprinted copies of the original circuit are fabricated, the configuration type of the PG can be determined by opening the chip to find embedded fingerprints. The attacker can change the fingerprint of these PG to a fingerprint that the manufacturer has not distributed. However, this attack necessitates locating the dummy fingerprint bits, as altering these would affect the circuits’ operation.

4. Results and Discussion

4.1. Simulation Results

Figure 6 displays the output waveform for the circuits indicated in Figure 2, where the polymorphic behavior of the circuits in response to a control signal can be seen. The output of the AND/OR circuit, where the AND operation shifts to the OR operation as the Ctrl signal changes from 0 to 1, is represented by the first out curve in the figure. Similar to this, the second out curve in the diagram represents the XOR/XNOR operation at the out terminal, and when the Ctrl signal changes from negative to positive, the operation shifts from XOR to XNOR. The TSMC 65 nm MOS technology node was used for the MOS transistors with l = 60 nm and w = 200 nm for both NMOS and PMOS transistors. The simulations were run using the parameters listed in Table 1 in the Cadence Spectre simulator.

The circuits of Figure 2 were simulated with both two-terminal and three-terminal MTJ structures, with the Verilog A-based behavioral models of MTJs, mentioned in Table 1. The various parameters, including the physical dimensions of both the STT and SOT-MTJ stack, were kept equal for a better comparison. The circuit uses a precharge sense amplifier, which charges both output terminals to “1” when the clock pulse is low; thus, there is no rise time for the outputs. A four-transistor-based writing circuit was used for writing the state of the MTJs [45].

Table 2. Maximum fall time and delay of spintronics PG.

Logic Operation	STT-MTJ-Based		SOT-MTJ-Based
	Fall Time	Delay	Fall Time	Delay
AND	117.71 ps	132.48 ps	167.74 ps	96.20 ps
OR	99.16 ps	25.40 ps	154.95 ps	70.60 ps
NAND	115.48 ps	25.30 ps	154.33 ps	70.20 ps
NOR	146.40 ps	161.60 ps	170.15 ps	98.00 ps
XOR	106.88 ps	27.60 ps	171.40 ps	99.30 ps
XNOR	106.53 ps	27.50 ps	164.53 ps	93.40 ps

lists the maximum fall time and delay observed in each operation. The fall time was calculated by considering the curve’s start and end points at 90% and 10% of their maximum, respectively, and Vdd as 1V. From the table, it can be seen that, in most cases, the STT-MTJs performed faster than the SOT-MTJs. However, the write current is not passed through the stack in the SOT-MTJs, so the device’s endurance was better. The $Out/\overline{Out}$ signal and the 50% level of the Clk signal determined the delay. The size of the MOS transistors can be increased to reduce the delay further. Figure 7 illustrates that the delay of the SOT-based XOR and NAND operations decreased with the increasing tail NMOS transistor width in the PCSA. STT-MTJ-based logical operations offered a significant difference in the propagation delay. This raises the likelihood that the operation will be detected. The power consumption of SOT-MTJ-based logical operations was calculated due to the similar delays of various operations. The results showed that the AND/NAND, OR/NOR, and XOR/XNOR each utilized 1.93 $\mathsf{\mu }$W, 1.95 $\mathsf{\mu }$W, and 2.41 $\mathsf{\mu }$W, respectively. However, this does not include the power consumed by the writing circuit since one writing circuit can be utilized for multiple logic blocks. The writing circuit consumed approximately 18 $\mathsf{\mu }$W of power when the SOT-MTJ-based logic operations were performed. The comparable delay and power of various operations provide an advantage for preventing the circuit from side-channel attacks. The SOT-based PGs should always be chosen for applications where the circuits will constantly be in use. However, both SOT- and STT-based PGs can be utilized for infrequent events such as fingerprinting and watermarking.

The output waveforms for the sample circuit for watermarking utilizing STT-MTJs and fingerprinting utilizing SOT-MTJs are plotted in Figure 8. The same input combinations were used for both logic circuits. The functionality of both circuits can be observed from the waveform. As the PGs use the clock signal, the MOS logic gates in the sample circuit were based on the dynamic CMOS logic. The output of the dynamic logic may exceed the supply voltage as a result of issues including clock-feedthrough and capacitive coupling [51].

4.2. Effect of Process Variation

With a maximum 3% variation in certain MTJ parameters that follow a Gaussian distribution, Monte Carlo simulations were performed for different corners of the MOS transistors. These MTJ parameters included TMR, the free-layer thickness, the oxide layer thickness, and the device surface. The low-discrepancy sequence (LDS) method, which uses a deterministic sequence to provide uniform coverage of the sample space, was used in the Monte Carlo simulation. Its convergence accuracy ≈1$/pow(N,2/3)$ was faster than the random sampling method, which had a convergence accuracy of 1/sqrt (N). The 200-times Monte Carlo simulations were performed in each fast–best (all MOS devices in FF) case, the typical case, and the slow–worst (all MOS devices in SS) case for both AND/OR and XOR/XNOR operation. The data for the same are listed in

Table 3. Performance of spintronics PGs at various process corners with 3% variation in specific MTJ parameters.

Process Corner	Temperature (°C)	Supply Voltage (Vdd)	AND/OR Operation	XOR/XNOR Operation
Fast–best (FF)	−25 °C	1.1 V	Pass	Pass
Typical (TT)	25 °C	1.0 V	Pass	Pass
Slow–worst (SS)	75 °C	0.9 V	Fail	Fail

. The temperature variation was applied based on the manual of the technology node, and a 10% variation was applied in the supply voltage with respect to the typical case. The simulation showed that the circuits operated correctly at the fast–best and the typical corner, but the operation was disturbed at the slow–worst corner. The primary reason for the operation error was the voltage across the MTJs. With 0.9V supply voltage, the MTJs needed to receive more current for proper switching. The waveform in Figure 9 represents the voltage at the out terminal of both circuits in the above-mentioned process corners.

4.3. Design Considerations, Discussion, and Challenges

Several design constraints should be considered while designing MTJ-based circuits for these applications. Polymorphic circuits based on MTJs are susceptible to the loading effect since the circuits’ ability to operate depends on the MTJ resistance. According to the TMR value and the dimensions, the resistance difference between the two branches during sensing operation is a few k$\mathsf{\Omega }$. The operation could become unstable if other circuit components heavily load the system. MTJs ought to have a high tunnel magnetoresistance because of this. The retention period is another factor. It is important to choose MTJ parameters that have a long-enough retention time. According to the industry standard, the retention period for non-volatile memories should be ten years [52]. The retention time of MTJs is described by the thermal stability factor, which should be high to ensure that MTJ’s condition is resistant to external thermal fluctuation. In the macrospin area, the thermal stability factor is constant with respect to the MTJ size, but it responds linearly to the lateral diameter below the subvolume limit [36]. A periodic write operation should be performed in the writing circuit if the MTJs’ retention time is significantly lowered. The writing circuit should have sufficient driving power to simultaneously write the states of all MTJs if the designer employs a single writing circuit for all blocks.

Table 4. Different PGs utilizing spintronics devices.

Design	Morph Method	Device Used
[13]	Wired program	STT-MTJ
[33]	Three keys	5T-DWM device
[34]	Preset and set lines	GSHE MTJ
[35]	Control signal	GSHE switch
[46]	Control signal	STT MTJ
This Work	Control signal	SOT and STT MTJ

DWM—domain wall motion; GSHE—giant spin Hall effect.

summarizes earlier efforts to build polymorphic gates utilizing spintronic devices. The table contains information on the employed devices and the morphing techniques. The spintronic-based polymorphic gates’ power, area, and delay were much higher than standard CMOS logic circuits. Compared to the standard CMOS AND gate and OR gate, the transistor count was larger by nine transistors and two MTJs and by seven transistors and two MTJs for the XOR and XNOR gates. Writing circuitry is also necessary for writing the state of MTJs. Compared to the power usage of typical CMOS gates and STT-MTJ-based PG [46], which is of the nW order, the power consumption of SOT-based PGs is several $\mathsf{\mu }$W. A typical CMOS gate in the same technological node has a maximum delay of approximately 40 ps, significantly lower than spintronics gates. These are challenges that SOT-MTJ-based circuits must overcome as the field of spintronics develops. Along with this, the operation of the circuits at various process corners of the MOS technology nodes should be appropriately tested.

5. Conclusions

This article analyzed how spintronics-based polymorphic gates can be used to construct logic circuits that conceal a circuit’s functioning and guard against tampering during manufacturing by taking advantage of magnetic tunnel junctions’ non-volatile property. Other hardware security applications, such as integrated circuit watermarking and fingerprinting, can benefit from using these polymorphic gates. In order to prevent an adversary at the foundry from tampering with the design, the correct functionality of a circuit can be attained by writing the MTJ state only once after fabrication. If the MTJ’s retention time is sufficient, no periodic writing is necessary, and just one writing circuit with a very high driving capability is needed to write several blocks at once. The TMR and MTJ size should be selected appropriately when building such circuits to reduce the loading effect from other circuit components. The comparable power and delay of various operations in SOT-MTJ-based circuits will make it challenging to identify the operation using side-channel analysis. The equal transistor and MTJ count, along with a similar structure for various operations, can lead to a similar physical layout, which will be advantageous when the opponent is performing reverse-engineering or determining functionality from the physical layout. Many design-related issues and challenges, including high power, area, delay, and low fan-out, will need to be solved in the future. This opens the door to investigating more MTJ structures with sub-10 nm dimensions.